Border agents may not use travelers’ laptops, phones, and other digital devices to access and search cloud content, according to a new document by U.S. Customs and Border Protection (CBP). CBP wrote this document on June 20, 2017, in response to questions from Sen. Wyden (D-OR). NBC published it on July 12. It states:

In conducting a border search, CBP does not access information found only on remote servers through an electronic device presented for examination, regardless of whether those servers are located abroad or domestically. Instead, border searches of electronic devices apply to information that is physically resident on the device during a CBP inspection.

This is a most welcome change from prior CBP policy and practice. CBP’s 2009 policy on border searches of digital devices does not prohibit border agents from using those devices to search travelers’ cloud content. In fact, that policy authorizes agents to search “information encountered at the border,” which logically would include cloud content encountered by searching a device at the border.

We do know that border agents have used travelers’ devices to search their cloud content. Manynewsreportsdescribe border agents scrutinizing social media and communications apps on travelers’ phones, which show agents conducting cloud searches.

EFF will monitor whether actual CBP practice lives up to this salutary new policy. To help ensure that border agents follow it, CBP should publish it. So far, the public only has second-hand information about this “nationwide muster” (the term CBP’s June 17 document uses to describe this new CBP written policy on searching cloud data). Also, CBP should stop seeking socialmediahandlesfromforeignvisitors, which blurs CBP’s new instruction to border agents that cloud searches are off limits.

Separately, CBP’s responses to Sen. Wyden’s questions explain what will happen to a U.S. citizen who refuses to comply with a border agent’s demand to disclose their device password (or unlock their device) in order to allow the agent to search their device:

[A]lthough CBP may detain an arriving traveler’s electronic device for further examination, in the limited circumstances when that is appropriate, CBP will not prevent a traveler who is confirmed to be a U.S. citizen from entering the country because of a need to conduct that additional examination.

This is what EFF told travelers would happen in our March 2017 border guide, based on law and reported CBP practice. It is helpful that CBP has confirmed this in writing. However, CBP also should publicly state whether U.S. lawful permanent residents (green card holders) will be denied entry for not facilitating a CBP search of their devices. They should not be denied entry. Notably, Sen. Wyden asked CBP to answer this question about all “U.S. persons,” and not just U.S. citizens.

CBP’s responses leave other important questions unanswered. For example, CBP should publicly state whether, when border agents ask travelers for their device passwords, the agents must (in the words of Sen. Wyden) “first inform the traveler that he or she has the right to refuse.” CBP did not answer this question. The international border is an inherently coercive environment, where harried travelers must seek permission to come home from uniformed and frequently armed agents in an unfamiliar space. To ensure that agents do not strong-arm travelers into surrendering their digital privacy, agents should be required to inform travelers that they may choose not to unlock their devices.

Also, CBP should publicly answer Sen. Wyden’s question about how many times in the last five years CBP has searched a device “at the request of another government agency.” Such searches will usually be improper. Historically, courts have granted border agents greater search powers than other law enforcement officials, but only for purposes of enforcing customs and immigration laws. If border agents search travelers at the request of other agencies, they presumably do so for others purposes, and so use of their heightened powers is improper. While CBP’s document provides information about CBP’s assistance requests to other agencies (for example, to seek technical help with decryption), this sheds no light on other agencies’ requests to CBP to use a traveler’s presence at the border as an excuse to conduct a warrantless search, which likely would not be justified at the interior of the country.

EFF applauds Sen. Wyden for his leadership in congressional oversight of CBP’s border device searches. We also thank CBP for answering some of Sen. Wyden’s questions. But many questions remain.

CBP’s June 2017 responses confirm that much more must be done to protect travelers’ digital privacy at the U.S. border. An excellent first step would be to enact Sen. Wyden’s bipartisan bill to require border agents to get a warrant before searching the digital devices of U.S. persons.

Related Updates

Media outlets reported this week that an international student at Harvard University was deported back to Lebanon after border agents in Boston searched his electronic devices and confronted him about his friends’ social media posts. These allegations raise serious concerns about whether the government is following its own policies regarding...

The U.S. Court of Appeals for the Ninth Circuit issued a new ruling in U.S. v. Cano [.pdf] that offers greater privacy protection for people crossing the border with their electronic devices, but it doesn’t go as far as we sought in our amicus brief. Cano had attempted...

Under the bipartisan Protecting Data at the Border Act, border officers would be required to get a warrant before searching a traveler’s electronic device. Last month, the bill was re-introduced into the U.S. Senate by Sen. Ron Wyden (D-Ore.) and Sen. Rand Paul (R-Ky.). It is co-sponsored by...

The U.S. Court of Appeals for the Seventh Circuit in United States v. Wanjiku missed an opportunity to protect travelers’ privacy rights and check the government’s ability to conduct invasive border searches of electronic devices. EFF, along with the ACLU, filed an amicus brief in the case arguing...

BOSTON — The Electronic Frontier Foundation (EFF) and the ACLU today asked a federal court to rule without trial that the Department of Homeland Security violates the First and Fourth Amendments by searching travelers’ smartphones and laptops at airports and other U.S. ports of entry without a warrant.The request...

EFF joined a letter to Secretary of State Mike Pompeo opposing a proposal to deploy stronger vetting procedures against Chinese students intending to study in the United States because the procedures would threaten the free speech interests of both Chinese students and their American associates. Reuters reported that...

EFF, joined by ACLU, filed an amicus brief in the U.S. Court of Appeals for the Seventh Circuit arguing that border agents need a probable cause warrant before searching personal electronic devices like cell phones and laptops. We filed our brief in a criminal case involving Donald Wanjiku, who...

The U.S. Court of Appeals for the Eleventh Circuit got it wrong—again—ruling last week in U.S. v. Touset that border agents may forensically search, without any suspicion of wrongdoing, travelers’ electronic devices. The Eleventh Circuit ruled in March in U.S. v. Vergara that neither a warrant nor probable...